Android is one of the most widely used pieces of software in the world, which also makes it a bigger target for system malware. This article is about how a new piece of system malware is affecting Google users. But before we go into details, we want to make you aware of just how widespread Android is: it has more than 2.5 billion active devices, a third of the world’s population. And that is only on the Google mobile OS.
Because of its size, Android is also a frequent subject of security alerts. It is no secret that the Google mobile operating system has privacy breaches. But the company is trying hard to keep its users informed about these types of threats and to put a stop to them.
xHelper malware found on Android devices
Today we are going to discuss the alert that Google sent out last week concerning an app. The app in question was available on Google Play Store, and it was downloaded more than 100 million times. Everyone using this app was asked to delete it as soon as possible. How crazy is that?
The app was supposed to keep people updated on the novel coronavirus pandemic; however, it did not achieve its purpose. On the contrary, the app was just a tool to lock your device and take your money. People were asked to pay $250 to keep their data safe. This is a serious topic that everyone should take into consideration.
Thanks to Kaspersky Labs, the xHelper malware was found. The malware was hiding on unofficial app marketplaces. People would download the app as a “cleaner” for their device, but after the installation, it would disappear completely. The app couldn’t be found anywhere on the home screen or in the program menu.
This malware is a threat, and according to Kaspersky Labs, who analyzed it, it has the capability of accessing all app data after installing a backdoor. But the harm does not stop here, because the malware can just reinstall itself on your device again and again, even if you are trying to delete it.
The specialist’s opinion on the Android malware
Here’s how Igor Golovin explains it: “Simply removing xHelper does not entirely disinfect the system. The program com.diag.patches.vm8u, installed in the system partition, reinstalls xHelper and other malware at the first opportunity.” The malware analyst went on to add: “But if you have Recovery mode set up on your Android smartphone, you can try to extract the libc.so file from the original firmware and replace the infected one with it, before removing all malware from the system partition.”
“However, it’s simpler and more reliable to reflash the phone completely. Bear in mind too that the firmware of smartphones attacked by xHelper sometimes contains preinstalled malware that independently downloads and installs programs (including xHelper). In this case, reflashing is pointless, so it would be worth considering alternative firmware for your device. If you do use different firmware, remember that some of the device’s components might not operate properly,” he added.
The xHelper malware is valid proof that people should stop using apps that come from unofficial marketplaces. It should also raise awareness of the risk of not using good Android antivirus software. “In any event, using a smartphone infected with xHelper is extremely dangerous. The malware installs a backdoor with the ability to execute commands as a superuser. It provides the attackers with full access to all app data and can be used by other malware, too, for example, CookieThief,” added Golovin.
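A defender's check for the reinstaller named in the quote above, as an added example that is not from the article or from Kaspersky: it parses the output of `adb shell pm list packages -f` and reports whether com.diag.patches.vm8u is present and whether it sits on a system partition, which is the case where uninstalling xHelper alone does not hold. The sample output, its apk paths and the list of system mount prefixes are constructed assumptions.

```python
# Package name quoted in the article from the Kaspersky analysis.
DROPPER_PKG = "com.diag.patches.vm8u"

# Assumption: mount points treated as system partitions for this check.
SYSTEM_PREFIXES = ("/system/", "/product/", "/vendor/")


def parse_pm_list(output):
    """Parse `pm list packages -f` lines of the form package:<apk path>=<name>."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings or blank lines mixed into adb output
        # The apk path can itself contain '=', so split on the last one only.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            packages[name] = path
    return packages


def check_dropper(packages):
    """Return (present, on_system_partition) for the reinstaller package."""
    path = packages.get(DROPPER_PKG)
    if path is None:
        return (False, False)
    return (True, path.startswith(SYSTEM_PREFIXES))


# Constructed sample output; the apk paths are illustrative, not from the article.
SAMPLE = """\
package:/system/app/Calc/Calc.apk=com.example.calc
package:/data/app/~~Zm9v==/com.example.chat-YmFy==/base.apk=com.example.chat
package:/system/priv-app/diag/diag.apk=com.diag.patches.vm8u
"""

if __name__ == "__main__":
    present, on_system = check_dropper(parse_pm_list(SAMPLE))
    print(f"{DROPPER_PKG}: present={present}, system_partition={on_system}")
    if on_system:
        # Matches the article: removal from user space is not enough here.
        print("Reinstaller is on a system partition; plan a reflash or /system repair.")
    elif present:
        print("Reinstaller found outside the system partition; remove and re-scan.")
```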
These types of malware will probably be a never-ending story for Google’s Android operating system. As we mentioned above, this OS is one of the most used around the world, which makes it more prone to this kind of Android malware and others.